Abstract
We give a new practical algorithm to compute, in finite time, a fixpoint (and often the least fixpoint) of a system of equations in the abstract numerical domains of zones and templates used for static analysis of programs by abstract interpretation. This paper extends previous work on the non-relational domain of intervals to relational domains. The algorithm is based on policy iteration techniques, rather than the Kleene iterations used classically in static analysis, and generates from the system of equations a finite set of simpler systems that we call policies. This set of policies satisfies a selection property which ensures that the minimal fixpoint of the original system of equations is the minimum of the fixpoints of the policies. Computing a fixpoint of a policy is done by linear programming. Experiments made on a prototype analyzer, compared in particular to analyzers such as LPInv or the Octagon Analyzer, show the algorithm to be in general more precise and faster than the usual Kleene iteration combined with widening and narrowing techniques.
Keywords
- Complete Lattice
- Infeasible Solution
- Abstract Interpretation
- Selection Property
- Relational Domain
These keywords were added by machine and not by the authors.
© 2007 Springer Berlin Heidelberg
Cite this paper
Gaubert, S., Goubault, E., Taly, A., Zennou, S. (2007). Static Analysis by Policy Iteration on Relational Domains. In: De Nicola, R. (eds) Programming Languages and Systems. ESOP 2007. Lecture Notes in Computer Science, vol 4421. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71316-6_17
DOI: https://doi.org/10.1007/978-3-540-71316-6_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71314-2
Online ISBN: 978-3-540-71316-6
eBook Packages: Computer Science (R0)
